Package details: pkg:pypi/fava@1.22
purl pkg:pypi/fava@1.22
Next non-vulnerable version 1.22.3
Latest non-vulnerable version 1.22.3
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-nmpg-e4rn-5ffd
Aliases:
CVE-2022-2523
GHSA-q8hg-3vqv-f8v3
PYSEC-2022-240
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
1.22.2
Affected by 1 other vulnerability.
VCID-x45u-rng5-n3dm
Aliases:
CVE-2022-2589
GHSA-6hcj-qrw3-m66q
PYSEC-2022-246
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.
1.22.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-e3tw-125b-6ug2
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages, which contained the parameters verbatim.
Aliases:
CVE-2022-2514
GHSA-xrf4-39fm-j5f2
PYSEC-2022-239
PYSEC-2022-43182

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:17:31.528078+00:00 Pypa Importer Affected by VCID-x45u-rng5-n3dm https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-246.yaml 38.6.0
2026-06-02T04:17:31.084787+00:00 Pypa Importer Fixing VCID-e3tw-125b-6ug2 https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-239.yaml 38.6.0
2026-06-02T04:17:30.961121+00:00 Pypa Importer Affected by VCID-nmpg-e4rn-5ffd https://github.com/pypa/advisory-database/blob/main/vulns/fava/PYSEC-2022-240.yaml 38.6.0